These are Abuse of Functionality, Denial of Service, Cross-Site Scripting and Full path disclosure vulnerabilities in Js-Multi-Hotel plugin for WordPress. There are much more vulnerabilities in this plugin (including dangerous holes), so after two advisories I'll write new advisories.